From inside the network I tested my VPN by using one of my virtual WLAN's which is on a different subnet (Guest Network), I already had firewall rules in place to prevent the guest network accessing the private network, so the VPN and its route pushing was tested to see if I could access the private network via VPN while being on the guest subnet.

However you will need to know how your VPN behaves from the outside and you can test in a variety of locations:

Does this mean that there is no need to generate certificates for each DHCP client?

No, you need always to generate certificates for every single client.

Is there a guide for noob you can point me to showing how to generate these certificates without having to know linux command language.
something easier to follow than the wiki
Would this Using XCA to configure the OpenVPN PKI part as an alternative to OpenVPN's easy-rsa the easier choice?

Does this mean that there is no need to generate certificates for each DHCP client?

No, you need always to generate certificates for every single client.

Is there a guide for noob you can point me to showing how to generate these certificates without having to know linux command language.
something easier to follow than the wiki
Would this Using XCA to configure the OpenVPN PKI part as an alternative to OpenVPN's easy-rsa the easier choice?

This should get you started. Outlines how to generate the certificates on Windows (easy-rsa) or on a Linux based distro.

I used easy-rsa and it worked fine. I have never used the XCA method, but I know some users prefer it and it seems to work fine. Its really down to personal preference really on how you generate the keys and certificates.

Does this mean that there is no need to generate certificates for each DHCP client?

No, you need always to generate certificates for every single client.

Is there a guide for noob you can point me to showing how to generate these certificates without having to know linux command language.
something easier to follow than the wiki
Would this Using XCA to configure the OpenVPN PKI part as an alternative to OpenVPN's easy-rsa the easier choice?

This should get you started. Outlines how to generate the certificates on Windows (easy-rsa) or on a Linux based distro.

I used easy-rsa and it worked fine. I have never used the XCA method, but I know some users prefer it and it seems to work fine. Its really down to personal preference really on how you generate the keys and certificates.

I am not sure what am I screwing up other than just I am fairly new to dd-wrt in the first place much less try to make OpenVpn server work. Where can I go to recruit some guided help on TeamViewer to set up OpenVpn on my E3000 flashed with DD-WRT v24-sp2 (06/14/11) big ?

I ask again, do you know where I can recruit some paid help over team viewer to set up openvpn server on dd-wrt. I have pm'd a couple of moderators and I am awaiting any response. Too many manhours burnt already, welcome to open source.

I think everyone misses the part where you choose which type of configuration you are trying to setup, VPN Server or VPN Client.

I think RedAlert's excellent easy config guide / example is for setting your router as an OpenVPN Server. However, IT ASSUMES that you have all your required certificate files already on hand.

An easy analogy is that people can show you how to use and configure Facebook or Twitter all day, but if you don't go through the process of registering with Facebook and Twitter and get get your username and password to access their site, all the Facebook and Twitter guides and instructions in the world will be of no use to you because you will be stuck at the front door of the site.

What I am trying to say is that DD-WRT has come a long way with the Web GUI configuration for OpenVPN (client and server), but if you don't have what you need to configure your client or server (e.g. certificate, key and config files) All you are looking at is a nice Web GUI with no real functionality.

I often got lost/disoriented when reading posts, because the persons posting assumed that because they knew what type of configuration they were referring to, so did everyone else that was reading their post.

If you are an experienced user, you can pickup which type of config they are referring to by the context of their postings, however, if you are a Noob, it can get VERY confusing to follow and you could end-up screwing up your config if you follow a guide that is for SERVER when you are trying to setup a CLIENT or the other way around.

So figure out which config you are trying to set up.

A. OPENVPN CLIENT CONFIG:
You are trying to setup your router as an OpenVPN CLIENT that will establish a connection with an OpenVPN Server.

YOU WILL need to generate your client certificate file (client.crt) and key file (client.key) so that you can provide them to your clients in similar fashion to what was outlined under option A above.

Now, YOU WILL ALSO need to generate the following certificates for YOUR OpenVPN SERVER:
1)Certificate Authority Certificate (ca.crt)
2)Public Server Certificate (server.crt)
3)Private Server Key (server.key)
4)Diffie-Hellman Encrypted Authentication Parameters file (dh1024.pem), you can also generate a larger file called (dh2048.pem). Please read up on this because the larger file will affect performance. For more information see http://www.ietf.org/rfc/rfc2631.txt

This seems like a third option that makes your router a node on a sort of VPN mesh network.

Go to Services -> VPN.

1) Enable OpenVPN Daemon (not client).
2) Choose Start type: Wan up.
3) Open "arethusa-ca.crt" (provided to you by arethusa)with any text editor, select all the text and paste it in "Public Server Cert".
4) In "Private Client Key", enter the username for this tunnel on the first line, and the password on the second line. like this:

username
password

5) Open "arethusa.ovpn"(provided by arethusa) with any text editor, select all the text and paste it in "OpenVPN Config" section. You can remove all the commented lines to save some space.

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forumYou cannot vote in polls in this forumYou can attach files in this forumYou can download files in this forum